Analysis
max time kernel: 134s
max time network: 119s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 08/01/2024, 16:46
Behavioral task
behavioral1
Sample
4bf3176f369445bfd33a656bfba50b7c.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4bf3176f369445bfd33a656bfba50b7c.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
-
Target
4bf3176f369445bfd33a656bfba50b7c.dll
-
Size
56KB
-
MD5
4bf3176f369445bfd33a656bfba50b7c
-
SHA1
d4fd8db4ef35d9eedcdfad2fcce37328578d5e57
-
SHA256
c95bf59964b267cd332fff21a7d54ef33951795310188de74acfcbe3f604bc51
-
SHA512
5a6818a186f7add86a781fc199c3eac9df8d3dc0f80fb12525e996f4c3067576ac4c37ba65e74d6b3873dd49fb280a392eab6276c7dcd09fa5f7fd1427f47d8d
-
SSDEEP
1536:8+NsT5wgmyMbmkcvQUS0DSqIswjrKvdwQ3luZd8xhKXTQqCmuhZ:+eFFcvFDSqIZeCcxhKXTQ/
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3480 wrote to memory of 1616 | 3480 | rundll32.exe | 14
PID 3480 wrote to memory of 1616 | 3480 | rundll32.exe | 14
PID 3480 wrote to memory of 1616 | 3480 | rundll32.exe | 14
Processes
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bf3176f369445bfd33a656bfba50b7c.dll,#11
  PID:1616
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bf3176f369445bfd33a656bfba50b7c.dll,#11
  Suspicious use of WriteProcessMemory
  PID:3480